1. Field of the Invention
The present invention relates to computer-readable recording media recording wireless communication authentication programs, and more particularly, to a computer-readable recording medium recording a wireless communication authentication program having the function of preventing an outsider's illegal access.
2. Description of the Related Art
In information communications via networks, illegal acts such as an outsider's illegal access must be prevented. Various security technologies have therefore been developed for information communications via wired LANs (Local Area Networks).
For example, with respect to software to be executed by a client device (hereinafter merely referred to as client), a server machine issues, to the client, an authentication key specifying a term of validity. When the software is to be executed by the client, the stored authentication key and validity term are checked against the current date and time indicated by the calendar timer of the client, to determine whether to permit the execution of the software (e.g., Unexamined Japanese Patent Publication No. 2000-122863).
Also, as authentication schemes using a one-time password, a technique is known which makes use of time information of a mobile telephone in order to manage secret information while ensuring security of the one-time password. The one-time password scheme is one in which a password displayed on a small portable device called a token, rather than a password memorized by the user, is input for the purpose of user authentication. For example, in a mobile telephone, a hash value is obtained using a user ID, current time information and common secret information, to generate a one-time password. The user inputs the generated one-time password and the user ID to a user PC (Personal Computer), whereupon the input information is sent to a user authentication server. On receiving the user ID and the one-time password from the user PC, the user authentication server causes a hash generator therein to similarly generate a one-time password by using the received user ID, current time information and common secret information, and the generated one-time password is used for verification by a one-time password verifier (e.g., Unexamined Japanese Patent Publication No. 2002-259344).
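The time-based one-time password exchange described above, as an added illustration that is not part of the patent text: both the token and the server derive the password from the user ID, the current time and a common secret, and the server regenerates it for comparison. The hash function (HMAC-SHA-256), the 60-second time step, the 6-digit truncation and the one-step clock-skew tolerance are assumptions chosen here; the patent only says a "hash value" is obtained.

```python
import hashlib
import hmac

# Constructed sample values (not from the patent): the secret is provisioned
# to both the token (mobile telephone) and the user authentication server.
USER_ID = "user01"
SHARED_SECRET = b"example-shared-secret"
TIME_STEP_SECONDS = 60  # assumption: the password changes once per minute


def generate_otp(user_id: str, shared_secret: bytes, now: float,
                 step: int = TIME_STEP_SECONDS, digits: int = 6) -> str:
    """Token side: derive a one-time password from user ID, time and secret.

    The time is quantised into a step counter so that token and server compute
    the same value as long as their clocks agree to within one step.
    """
    counter = int(now) // step
    message = f"{user_id}|{counter}".encode()
    digest = hmac.new(shared_secret, message, hashlib.sha256).digest()
    # Truncate the hash to a short numeric code the user can type into the PC.
    value = int.from_bytes(digest[:4], "big") % (10 ** digits)
    return f"{value:0{digits}d}"


def verify_otp(user_id: str, submitted: str, shared_secret: bytes, now: float,
               step: int = TIME_STEP_SECONDS, skew_steps: int = 1) -> bool:
    """Server side: regenerate the password and compare in constant time.

    The adjacent time steps are also accepted so that a small clock difference
    between the token and the server does not reject a legitimate user.
    """
    for offset in range(-skew_steps, skew_steps + 1):
        candidate = generate_otp(user_id, shared_secret,
                                 now + offset * step, step)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    t = 1_700_000_000  # constructed "current time" shared by token and server
    otp = generate_otp(USER_ID, SHARED_SECRET, t)
    print("token shows:", otp)
    print("server accepts now:", verify_otp(USER_ID, otp, SHARED_SECRET, t))
    print("server accepts 3 steps later:",
          verify_otp(USER_ID, otp, SHARED_SECRET, t + 3 * TIME_STEP_SECONDS))
```

A deployed verifier should additionally remember codes already accepted within the current window so that an intercepted password cannot be replayed before it expires.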
Meanwhile, as a result of the recent advance in wireless LAN technologies, data communications can be performed using a terminal device connectable to a wireless LAN, without the need for cable connection. For example, a wireless LAN communication environment may be created inside a factory, whereby the terminal device can communicate wherever in the factory it is moved, without changing network settings etc. This improves the efficiency of work using computers.
In the case of wireless LAN, however, communication data is carried by electromagnetic waves and thus can be tapped relatively easily, compared with the case of wired LAN. Accordingly, when configuring a wireless LAN, it is necessary to employ more sophisticated security techniques than those required for a wired LAN. Such security techniques include techniques for preventing an outsider's illegal connection; one such illegal connection prevention technique is known in which only the terminal devices authenticated by an authentication server are allowed to connect to the wireless LAN.
FIG. 31 shows an exemplary configuration of a conventional wireless LAN system. An authentication server 91 is connected via an IP (Internet Protocol) network 92 to an access point 93, which is connected wirelessly to a client 94. The access point 93 and the client 94 are in a relationship such that the access point 93 functions as a master station of wireless communication while the client 94 functions as a slave station. The authentication server 91 is a computer for performing authentication following the procedures provided by IEEE 802.1x. In accordance with the procedures defined by RADIUS (Remote Authentication Dial-In User Service), the authentication server 91 authenticates the user who uses the client 94. Details of RADIUS are published as RFC 2138 and RFC 2139.
FIG. 32 shows an authentication sequence of the conventional wireless LAN system. In FIG. 32, a user authentication sequence is executed between the slave station (client 94), the master station (access point 93) and the authentication server 91 (Step S201). An encryption key is delivered from the authentication server 91 to the master station (access point 93) and then to the slave station (client 94). Using the delivered encryption key, the client 94 encrypts data to be communicated (Step S202).
The authentication scheme according to IEEE 802.1x is, however, prescribed on the assumption that the scheme is applied to a large-scale wireless LAN system as a whole. Accordingly, even in the case of a small-scale system based on P-P (Point-to-Point) communication, for example, the authentication server 91 needs to be provided on the network, though there are only two wireless LAN devices on the network, which entails an increase in the cost of equipment.
Moreover, the authentication process needs to be periodically performed by the authentication server 91 to dynamically change the encryption key. By dynamically changing the encryption key, it is possible to prevent the encryption key from being recovered by an eavesdropper, thereby greatly enhancing security. However, since the encryption key is dynamically changed, the user authentication sequence is frequently executed between the slave station (client 94), the master station (access point 93) and the authentication server 91. As a result, a problem arises in that the throughput of actual communication lowers due to the increase in the communication time spent on traffic other than data communication.